15 secure apps ISIS terrorists are using to communicate online

Militant Islamist fighters take part in a military parade along the streets of northern Raqqa province, June 30, 2014. REUTERS/Stringer

After deadly terrorist attacks killed 129 people in Paris, France, government officials have condemned the technology industry's embrace of encryption, which ensures user privacy but also makes it harder for government eyes to intercept the communications of terrorists and criminals.

It's a problem felt by authorities and tech companies alike, and it has become more pronounced, especially after a number of major companies were embarrassed by Edward Snowden's leaks, which showed the National Security Agency was sifting through everything from people's email to their Facebook messages and Skype video chats.

"I don't know anyone who says 'I love what ISIS is doing' [with encryption technology]," Anthony Pompliano, a former product manager at Facebook, told Tech Insider. "But at the same time, I don't know anyone who is saying we should violate people's civil rights to stop that."

So what technologies are terrorists using to communicate these days? It turns out that ISIS members have been passing around a 34-page guide to operational security, which gives a good overview of exactly that. Though the document originated from a Kuwaiti cybersecurity firm to help activists and journalists, Aaron Brantley and researchers with West Point's Combating Terrorism Center noticed the document's appearance on jihadi forums, where members were seemingly using the tips and tricks for their own ends.

Government officials have increasingly come out against the use of encryption in consumer technology products, with some even asking for "backdoors."

FBI Director James Comey takes a question from a reporter during a news conference at the FBI office in Boston, Massachusetts November 18, 2014. REUTERS/Brian Snyder

But post-Snowden, that's a tough pill for many in Silicon Valley to swallow.


And if there's anything this manual on tech security shows, it's that there are likely more secure apps than intelligence officials can keep up with.


Mappr is a recommended tool that can change location data on photos, so the photos don't reveal where users actually are.


Tech Insider reached out to the developer behind Mappr, and we'll update if we hear back.

The manual does allow users to go on Twitter, but only through the secure web version or the official Android or iOS application.


Tech Insider reached out to Twitter, and we'll update if we hear back.

It goes on to instruct users in securing their Twitter account, and recommends two-step authorization.


The preferred email services are non-US companies, like Hushmail and the invite-only ProtonMail. Both offer free and easy-to-use encrypted email.


"It’s unfortunate to see us mentioned in the manual," Ben Cutler, the CEO of Hushmail, told Tech Insider in an email. "Hushmail is not suitable for any kind of illegal activity. We state prominently on our website, and it is widely known that we cooperate fully and expeditiously with authorities pursuing evidence via valid legal channels."

We also reached out to representatives of ProtonMail, who told Tech Insider they found out about the ISIS manual a couple of days ago. Dr. Andy Yen, CEO of Proton Technologies AG, told Tech Insider:

"ProtonMail is the world's largest secure email service, and unfortunately, out of 1 million users, we will have some who use the service for illegal purposes. Our intent when creating ProtonMail was to protect at risk groups such as democracy activists, dissidents, and journalists, but technology does not distinguish between good and bad, so the same technology that protects these groups can unfortunately also protect ISIS. This is in fact a strong validation that our end-to-end encryption technology works well and cannot be compromised to specifically target certain groups. ... ISIS doesn't just use ProtonMail, they also use Twitter, mobile phones, and rental cars, so we couldn't possibly ban everything that ISIS uses without disrupting democracy and our way of life, and in effect achieving one of the prime objectives of terrorism."

For secure phone calls, the manual recommends encrypted phones like the German-made CryptoPhone or BlackPhone. Both offer secure messaging and voice communication.


Cryptophone spokesperson Karl Osterberg told Tech Insider the company is under strict German and European export control regulations, and the company "[considers] it highly unlikely that GSMK CryptoPhone products are in active use by IS terrorists."

A spokesperson for Silent Circle, the maker of BlackPhone, told Tech Insider:

"We provide secure communications—not anonymity—and we will not tolerate bad actors using our service. We deliver peer-to-peer encryption technology through a paid subscription service to governments, consumers and enterprises, including many of the military and law enforcement agencies confronting terrorism today.

Encryption plays an important part of maintaining digital security in everyday life—from online banking to intellectual property – and we will continue to responsibly deliver our services without ever compromising the highest standards of security and privacy."

For users without internet, the manual recommends apps like FireChat, Tin Can, or The Serval Project.


Tech Insider reached out to the developers behind FireChat, Tin Can, and The Serval Project, and we'll update if we hear back.

Also popular among activists under repressive governments, these apps allow users to message each other without internet connectivity, sometimes up to 200 meters away, though the manual notes they are not encrypted.


The manual recommends the Freedome service to protect from spyware and fraudulent websites.


Tech Insider reached out to F-Secure, and we'll update if we hear back.

It also recommends Avast SecureLine to mask users' true IP addresses, which could fool someone into thinking a jihadi in Syria was instead browsing from South Korea.


Tech Insider reached out to Avast for comment, and its CEO Vince Steckler offered this statement:

"We are very disturbed to read that our SecureLine product is amongst a list of products in an ISIS guide on how to hide oneself. SecureLine is a popular VPN (virtual private network) that is designed to be used by people who are concerned about their privacy. This includes businesses communicating sensitive commercial information, pro-democracy activists who are worried about being snooped on by authoritarian governments, and others who simply value privacy. It is in the nature of these sorts of products that they cannot be policed. Unfortunately, we live in a time where we see good software products designed for good purposes being used for malicious intent. Avast is committed to the safety and security of our customers and staying ahead of the bad guys who hurt innocent people."

For users who need even more security, the manual recommends the Tor internet browser. It's a favorite among hackers and security-minded pros, since it hides your ID and encrypts everything.


Tech Insider reached out to the Tor Project, and we'll update if we hear back.

To encrypt files, the recommended programs are VeraCrypt and TrueCrypt, which even Edward Snowden has endorsed in the past.


We were unable to find an email address for the makers of TrueCrypt, but a spokesperson for VeraCrypt did respond.

"Unfortunately, encryption software like VeraCrypt has been and will always be used by bad guys to hide their data and such events must not make us forget the importance of encryption in the protection of privacy and corporate assets," Mounir Idrassi, the CEO of Idrix (which makes VeraCrypt), told Tech Insider. "Their use by criminals and terrorists is unfortunate but such people are already able to get their hands on heavy weapons and explosives despite the ban on their sale, so access to encryption by these guys will always be possible no matter what regulation is put in place."

An included note recommends downloading an older version, since TrueCrypt's website now has a cryptic message about "unfixed security issues."


The manual also mentions Telegram, an encrypted mobile messaging app that can host different channels where ISIS members can talk in a group setting.


Tech Insider reached out to Telegram, and we'll update if we hear back.

One thing is certain: With apps on this list from companies around the world, US government officials asking for encryption "backdoors" aren't likely to get them.